Infected with JS/TrojanDownloader.Pegel.AP trojan


  • This topic is locked
18 replies to this topic

#1 warner444

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California
  • Local time:09:36 AM

Posted 28 April 2010 - 07:07 PM

Hi

I have run ESET NOD and it still finds infections when I run it again.

today it said it removed JS/TrojanDownloader.Pegel.AP trojan AND
a variant of Win32/Cimag.CJ trojan
BAT/KillFiles.NCB trojan
Win32/Wigon.NY trojan


The computer is trying to connect Windows Explorer to the dns server of my ISP

I tried to run CCleaner, it wouldn't run. I uninstalled it, tried to re-install and it will not do it.

I don't know what is active and what is not.

here are my logs: DDS.txt
--I just attached ark.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 16:05:38.15 on Wed 04/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1216 [GMT -7:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\7LXASD9N\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.68.106.168:51630
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\me.blue\application data\mozilla\firefox\profiles\xeb1ptdc.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Hmawiwifafawiw] rundll32.exe "c:\windows\otuqutoqihoj.dll",Startup
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi6a65~1\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - /105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\me.blue\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2007 pro\office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2007 pro\office14\ONBttnIELinkedNotes.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi6a65~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me7642~1.blu\applic~1\mozilla\firefox\profiles\qpajqkpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\me.blue\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mi6a65~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {CBDE9089-19C7-488D-9726-F5809807D046} - c:\documents and settings\me.blue\local settings\application data\{CBDE9089-19C7-488D-9726-F5809807D046}

---- FIREFOX POLICIES ----
c:\program files\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-4-24 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-4-24 20616]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2008-3-3 584512]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-4-24 122504]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-4-24 14216]
S3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2010-2-15 34080]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office 2007 pro\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-04-28 19:59:04 0 ----a-w- c:\windows\Mgemab.bin
2010-04-28 19:59:03 120 ----a-w- c:\windows\Ywelec.dat
2010-04-28 19:57:10 32768 ---ha-w- c:\windows\system32\gdiemon.dll
2010-04-28 19:56:47 20 ----a-w- c:\docume~1\me7642~1.blu\applic~1\wzmjhy.dat
2010-04-28 19:18:35 0 d-----w- c:\program files\Firefox
2010-04-27 00:29:04 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-26 23:23:36 20 ----a-w- c:\docume~1\me7642~1.blu\applic~1\kcmdte.dat
2010-04-24 21:49:47 20616 ----a-w- c:\windows\system32\drivers\eufs.sys
2010-04-24 21:49:40 14216 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2010-04-24 21:49:39 26248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2010-04-24 21:49:37 122504 ----a-w- c:\windows\system32\drivers\EuDisk.sys
2010-04-24 21:48:51 0 d-----w- c:\program files\EASEUS
2010-04-23 17:32:13 0 d-----w- c:\program files\Micro Niche Finder 5.0
2010-04-19 05:01:30 0 d-----w- c:\program files\Article Buzz
2010-04-18 22:06:12 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\PADGen
2010-04-18 22:06:01 0 d-----w- c:\program files\PADGen
2010-04-18 17:46:58 0 d-----w- c:\program files\Trend Micro
2010-04-18 04:27:51 0 d-----w- c:\program files\Speccy
2010-04-18 04:26:11 0 d-----w- c:\program files\Defraggler
2010-04-17 20:30:02 0 d--h--w- c:\windows\system32\GroupPolicy
2010-04-17 17:15:55 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\Malwarebytes
2010-04-17 17:15:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 17:15:31 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-04-17 17:15:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 17:15:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 17:12:35 0 ----a-w- c:\documents and settings\me.blue\test.db3
2010-04-14 22:08:26 0 d-----w- c:\program files\Market Samurai
2010-04-14 00:58:09 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\FireShot
2010-04-11 23:41:28 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\NoteTab Light
2010-04-11 23:41:13 0 d-----w- c:\program files\NoteTab Light
2010-04-11 23:35:40 0 d-----w- c:\program files\Yahoo!
2010-04-07 03:32:29 0 d-----w- c:\program files\SEO PowerSuite
2010-04-05 16:22:54 0 d-----w- c:\documents and settings\me.blue\.freemind
2010-04-05 16:22:43 0 d-----w- c:\program files\FreeMind
2010-04-05 06:47:01 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\XMind
2010-04-05 06:46:42 0 d-----w- c:\program files\XMind
2010-04-02 01:23:16 0 d-----w- c:\program files\Back Link Analyzer v2.0-cp
2010-04-01 21:26:43 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-04-01 21:26:38 0 d-----w- c:\program files\Acro Software
2010-04-01 21:25:47 0 d-----w- c:\program files\GPLGS
2010-04-01 16:59:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-01 04:40:12 52 ----a-w- c:\windows\system32\windriver32.ini
2010-04-01 04:09:09 0 d-----w- c:\program files\SubmitEaze
2010-04-01 00:21:10 0 d-----w- C:\6f4efbbd91b15a279abe39f84964c94b
2010-04-01 00:07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 23:39:06 0 d-----w- c:\program files\G-Lock Software
2010-03-31 23:39:06 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\G-Lock Software
2010-03-31 04:35:20 0 d-----w- c:\documents and settings\all users.windows\SEO Elite
2010-03-31 04:34:59 0 d-----w- c:\program files\SEO Elite 4
2010-03-31 03:34:53 0 d-----w- c:\documents and settings\all users.windows\Micro Niche Finder
2010-03-31 03:34:53 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Micro Niche Finder
2010-03-31 03:34:52 0 d-----w- c:\documents and settings\all users.windows\Micro Niche Finder Service

==================== Find3M ====================

2010-04-22 20:12:06 58432 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-22 18:44:48 942940 ----a-w- c:\windows\fonts\DVEasyPrompterSans.ttf
2010-04-01 16:59:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 01:11:21 72080 ----a-w- c:\documents and settings\me.blue\g2mdlhlpx.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 12:31:17 910479 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 21:08:31 100232 ----a-w- c:\documents and settings\me.blue\DimdimSetup.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-18 23:18:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 16:10:03.06 ===============

Edited by warner444, 29 April 2010 - 09:31 AM.
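The lines a malware-response helper reads first in a DDS "Pseudo HJT Report" are the Run entries, the proxy settings and the orphaned toolbar entries. The script below is an added example written for this thread; it is not part of the DDS tool or of any post here. It runs a few simple triage rules over a constructed subset of the log above: a Run entry that launches `rundll32.exe` on a DLL sitting directly in the Windows directory or the profile root (the `%windir%\%variable%.dll` / `%appdata%\%variable%.dll` install location the ESET write-up quoted later in the thread describes), an IE `ProxyServer` pointing at a public IP on a home PC, and `TB:` entries whose DLL is gone ("No File"). The rule names, thresholds and function names are my own assumptions, not anything DDS or ESET defines.

```python
import ipaddress
import re

# Constructed sample: a subset of the "Pseudo HJT Report" lines from the DDS log
# posted in this thread, mixing clean entries with the three flagged patterns.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.68.106.168:51630
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Hmawiwifafawiw] rundll32.exe "c:\windows\otuqutoqihoj.dll",Startup
"""

# DDS prefixes: uRun = HKCU Run key, mRun = HKLM Run key.
RUN_RE = re.compile(r"^([um])Run: \[([^\]]+)\] (.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)$")
NOFILE_RE = re.compile(r"^TB: (\{[0-9A-Fa-f-]+\}) - No File$")

# A DLL directly under the Windows directory or the roaming profile root, not in
# system32 or a vendor subfolder. Legitimate software almost never installs there;
# the downloader family in this thread does (%windir%\%variable%.dll).
ROOT_DLL_RE = re.compile(
    r"^(?:c:\\windows|%windir%|%systemroot%|%appdata%|"
    r"c:\\documents and settings\\[^\\]+\\application data)\\[^\\]+\.dll$",
    re.IGNORECASE,
)


def suspicious_run_entries(log: str) -> list:
    """Run entries that start rundll32 on a DLL located in a Windows/profile root."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        scope, name, command = m.groups()
        dll = RUNDLL_RE.search(command)
        if dll and ROOT_DLL_RE.match(dll.group(1)):
            hits.append({"scope": "HKLM" if scope == "m" else "HKCU",
                         "name": name, "dll": dll.group(1)})
    return hits


def proxy_targets(log: str) -> list:
    """ProxyServer targets with a flag telling whether the host is a public IP.

    A home PC without a corporate proxy should not route IE through a public
    address; 'public_ip' is None for hostnames, which are left to the analyst.
    """
    findings = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        # Value is either "host:port" or "scheme=host:port;scheme=host:port".
        for part in m.group(1).split(";"):
            target = part.split("=", 1)[-1]
            host = target.rsplit(":", 1)[0]
            try:
                public = ipaddress.ip_address(host).is_global
            except ValueError:
                public = None
            findings.append({"target": target, "public_ip": public})
    return findings


def orphaned_toolbars(log: str) -> list:
    """CLSIDs of toolbar entries whose DLL is missing (usual leftovers of a removal)."""
    return [m.group(1) for m in (NOFILE_RE.match(ln.strip()) for ln in log.splitlines()) if m]


def triage(log: str) -> dict:
    """Collect everything worth a second look; clean private/loopback proxies are dropped."""
    return {
        "rundll32_root_dll": suspicious_run_entries(log),
        "proxy": [p for p in proxy_targets(log) if p["public_ip"] is not False],
        "orphaned_toolbars": orphaned_toolbars(log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

On the sample the script reports the `Hmawiwifafawiw` HKLM entry loading `c:\windows\otuqutoqihoj.dll`, the proxy at 68.68.106.168:51630 as a public address, and the two toolbar CLSIDs with no file behind them, while the ESET, ctfmon and KernelFaultCheck entries pass. The root-DLL rule is deliberately location based rather than name based: random-looking names are a hint, but "a DLL in the Windows directory root started by rundll32 from a Run key" is the check that holds across the variants described in this thread.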



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:36 PM

Posted 03 May 2010 - 10:15 AM

Hello and Welcome to BleepingComputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:36 PM

Posted 07 May 2010 - 06:50 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:36 PM

Posted 08 May 2010 - 01:46 PM

Topic reopened at OP request.



#5 warner444

  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California
  • Local time:09:36 AM

Posted 08 May 2010 - 02:54 PM

Hi

Thanks for your help.

Here are a few items that should be pertinent

5/8/2010 4:10:55 AM Real-time file system protection file C:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP127\A0056220.dll a variant of Win32/Cimag.CK trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.

5/7/2010 12:29:59 PM Startup scanner file C:\WINDOWS\otuqutoqihoj.dll a variant of Win32/Cimag.CK trojan cleaned by deleting (after the next restart) - quarantined BLUE\me

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\H323TSP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSHA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Nls
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DIFxApp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\oDVT

>>> malwarebytes 5/7 Files Infected:
C:\Documents and Settings\me.BLUE\Local Settings\Temp\~DFAA1A.tmp (Trojan.Agent) -> Delete on reboot.

NOTE these HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DIFxApp

from seeing this report I think the 2 reg lines above were created by ~DFAA1A.tmp on 5/7 - I haven't deleted them yet.
http://www.eset.eu/encyclopaedia/win32-cim...iloti-ad?lng=en
""Short description
Win32/Cimag.AM is a trojan which tries to download other malware from the Internet.
Installation
When executed, the trojan creates one of the following files:

* %windir%\%variable%.dll (15872 B)
* %appdata%\%variable%.dll (15872 B)

A string with variable content is used instead of %variable% .

Libraries with the following names are injected into all running processes:

* %variable%.dll

In order to be executed on every system start, the trojan sets the following Registry entries:

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
%variable% = "rundll32.exe "%filepath%",e"
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
%variable% = "rundll32.exe "%filepath%",e"

The following Registry entries are created:

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\%variable%]
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\%variable%]

Other information
The trojan contains a list of URLs. It tries to download several files from the addresses.

These are stored in the following locations:

* %windir%\%variable%.dll
* %appdata%\%variable%.dll

The files are then executed.

It can send various information about the infected computer. The trojan collects the following information:

* user name
* operating system version

The HTTP protocol is used. ""

Paste of OTL.txt and Extras.txt

OTL logfile created on: 5/8/2010 10:39:33 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 127.42 Gb Free Space | 45.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 59.52 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUE
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/08 10:38:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep\OTL.exe
PRC - [2010/05/08 09:38:49 | 002,544,640 | ---- | M] (ESET) -- C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep\SysInspector.exe
PRC - [2010/05/07 13:49:50 | 001,359,360 | ---- | M] (Bryxen Software) -- C:\Program Files\SEOLinkVine\SEO LinkVine Ranker.exe
PRC - [2010/05/07 12:24:34 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/04/28 21:00:58 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/19 01:30:48 | 001,755,648 | ---- | M] () -- C:\Program Files\RoboSoft4\RSDBServer.exe
PRC - [2010/04/18 10:46:58 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/03/04 15:52:02 | 001,318,912 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files\Notepad++\notepad++.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/13 17:59:12 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/01/13 17:56:44 | 000,057,409 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/05/08 10:38:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 01:30:48 | 001,755,648 | ---- | M] () [Auto | Running] -- C:\Program Files\RoboSoft4\RSDBServer.exe -- (RSDBServerService)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2005/01/13 17:59:12 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/01/13 17:56:44 | 000,057,409 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2010/05/08 09:40:56 | 000,107,256 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Documents and Settings\me.BLUE\Local Settings\Temp\esihdrv.sys -- (esihdrv)
DRV - [2010/05/07 12:24:34 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/02 12:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 12:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 12:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/12/02 12:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/05/13 11:56:28 | 000,034,080 | ---- | M] (Glance Networks, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glancedrv.sys -- (glancedrv)
DRV - [2005/02/23 08:47:50 | 000,584,512 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2005/01/13 09:45:46 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/01/13 09:45:44 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/13 09:45:36 | 000,097,920 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-562591055-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-823518204-562591055-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-562591055-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-823518204-562591055-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.68.106.168:51630

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.3
FF - prefs.js..extensions.enabledItems: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba}:2.0.1
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.3
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:1.9.7
FF - prefs.js..extensions.enabledItems: kgen@elitwork.com:0.7
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:4.1.0.18
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.8
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: seodoctor@prelovac.com:1.0
FF - prefs.js..extensions.enabledItems: {5287b941-4b3f-4e49-8b61-940865e882b1}:1.2.1
FF - prefs.js..extensions.enabledItems: {5c1a272d-6af9-4229-b821-11703c6b5ccf}:2.0
FF - prefs.js..extensions.enabledItems: adhighlighter@sidthemonkey.com:2.3
FF - prefs.js..extensions.enabledItems: savecomplete@perlprogrammer.com:1.0.1
FF - prefs.js..extensions.enabledItems: {3f1182ea-3243-4d32-8826-71fb1cc9c328}:0.9.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {D719B74B-E716-403b-91A9-1CE455AB8ccc}:4.1
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.025
FF - prefs.js..extensions.enabledItems: flvmoviesdownloader@rzll:1.40
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Firefox\components [2010/05/04 15:31:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/05/04 15:31:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/29 07:49:42 | 000,000,000 | ---D | M]

[2010/04/28 12:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Extensions
[2010/05/07 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions
[2010/05/07 19:31:52 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/29 12:45:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 10:47:31 | 000,000,000 | ---D | M] (X-Ray) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{3f1182ea-3243-4d32-8826-71fb1cc9c328}
[2010/04/29 23:08:10 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/04/30 16:54:35 | 000,000,000 | ---D | M] (ResultRank) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{5287b941-4b3f-4e49-8b61-940865e882b1}
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/04/29 23:43:01 | 000,000,000 | ---D | M] (Niche Watch Tool) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
[2010/05/03 21:38:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/29 22:31:39 | 000,000,000 | ---D | M] (Amplify) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
[2010/04/29 22:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/29 22:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2010/04/29 23:08:10 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/04/29 23:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/05/04 19:14:33 | 000,000,000 | ---D | M] (Signature) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}
[2010/05/07 19:31:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/02 18:56:08 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] (Diigo Bookmarks and Web Annotations) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2010/04/29 23:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\adhighlighter@sidthemonkey.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\anttoolbar@ant.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\artur.dubovoy@gmail.com
[2010/05/04 19:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\autofillForms@blueimp.net
[2010/05/04 19:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\fireform@mozilla.org
[2010/04/29 17:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox@ghostery.com
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox-extension@shareaholic.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\flvmoviesdownloader@rzll
[2010/04/29 22:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\foxyproxy@eric.h.jung
[2010/04/29 22:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\foxyseotool@foxyseotool.com
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\kgen@elitwork.com
[2010/04/29 23:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\savecomplete@perlprogrammer.com
[2010/05/05 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\seo4firefox@seobook.com
[2010/04/29 23:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\seodoctor@prelovac.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\unplug@compunach
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox-extension@shareaholic.com\defaults
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\searchplugins\diigo--google.xml
[2010/04/28 12:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/22 15:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDimdimControl.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2007 Pro\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-823518204-562591055-682003330-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-823518204-562591055-682003330-1003..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-823518204-562591055-682003330-1003..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-823518204-562591055-682003330-1003..\Run: [SEOLinkVine] C:\Program Files\SEOLinkVine\SEO LinkVine Ranker.exe (Bryxen Software)
O4 - HKU\S-1-5-21-823518204-562591055-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-562591055-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2007 Pro\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1263849381765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1273281641656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/08 21:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/03 20:51:23 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: conviles - (C:\WINDOWS\system32\gdiemon.dll) - C:\WINDOWS\System32\gdiemon.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/18 00:20:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/07 22:19:07 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/05/07 22:19:06 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/05/07 22:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\ApplicationHistory
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/05/07 19:04:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/07 18:32:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/05/07 18:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/05/07 17:47:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 17:46:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 17:45:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/07 17:45:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/07 17:45:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/07 17:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 17:43:34 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/07 17:41:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/06 21:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/05/06 16:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Screensaver Factory 5 Enterprise
[2010/05/06 16:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Blumentals
[2010/05/06 15:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Pass
[2010/05/05 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Valeri Vlassov
[2010/05/05 13:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Software Informer
[2010/05/05 13:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/05/05 10:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\RoboSoft
[2010/05/05 10:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\RoboSoft4
[2010/05/05 10:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboSoft
[2010/05/05 09:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\UInterface
[2010/05/05 09:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Chamki
[2010/05/05 09:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\PAD
[2010/05/04 21:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Free Directory Submission Software
[2010/05/04 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Snagit
[2010/05/04 13:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010/05/04 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/04 13:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\TechSmith
[2010/05/04 12:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\GRAPHICS
[2010/05/03 22:37:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 22:37:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/03 22:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/03 22:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/03 18:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\eBook Maestro PRO
[2010/05/02 20:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\HTML2Exe Baler 2
[2010/05/02 20:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\EBook Maestro
[2010/05/02 20:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\eBook Maestro FREE
[2010/05/02 20:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\NATATA eBook Compiler Free
[2010/05/02 13:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\WebSiteZip Packer 1.3
[2010/05/01 10:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\SEOLinkVine
[2010/04/29 12:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\SEO LINK VINE
[2010/04/29 10:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/04/29 10:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Yahoo!
[2010/04/29 10:18:36 | 000,000,000 | ---D | C] -- C:\FIX
[2010/04/29 10:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/04/29 10:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\SUPERAntiSpyware.com
[2010/04/29 10:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/29 10:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/28 20:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/28 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Eraser 6
[2010/04/28 16:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Desktop\gmer
[2010/04/28 12:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox
[2010/04/27 17:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Plan B
[2010/04/25 11:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\bleep Islam
[2010/04/24 14:49:47 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eufs.sys
[2010/04/24 14:49:40 | 000,014,216 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2010/04/24 14:49:39 | 000,026,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2010/04/24 14:49:37 | 000,122,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuDisk.sys
[2010/04/24 14:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/04/23 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Niche Finder 5.0
[2010/04/22 11:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Video Class
[2010/04/20 14:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\My SpringWidgets
[2010/04/18 22:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Article Buzz
[2010/04/18 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\PADGen
[2010/04/18 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\PADGen
[2010/04/18 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\PADGen
[2010/04/18 11:02:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/18 10:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/17 21:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/04/17 21:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/04/17 13:30:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/17 13:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Help
[2010/04/17 13:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Help
[2010/04/17 10:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Malwarebytes
[2010/04/17 10:15:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 10:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/04/17 10:15:24 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 10:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 17:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\FireShot
[2010/04/13 14:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Howie
[2010/04/13 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Adobe Business Catalyst
[2010/04/11 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\NoteTab Light
[2010/04/11 16:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\NoteTab Light
[2010/04/11 16:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Yahoo
[2010/04/11 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/10 04:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\IsolatedStorage
[2008/03/03 17:56:35 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2008/03/03 17:56:35 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/08 10:38:18 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\me.BLUE\ntuser.dat
[2010/05/08 10:33:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003UA.job
[2010/05/08 09:27:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/08 09:27:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/08 09:26:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/08 09:26:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/08 04:49:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\me.BLUE\ntuser.ini
[2010/05/07 22:16:25 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/07 22:16:25 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/07 22:16:25 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/07 22:12:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsinsWTF.BAK
[2010/05/07 18:04:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/07 17:47:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/07 13:33:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ywelec.dat
[2010/05/07 12:11:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 11:33:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003Core.job
[2010/05/07 10:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MgemabWTF.bin
[2010/05/06 21:31:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Market Samurai.lnk
[2010/05/06 15:33:26 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/05 13:45:25 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VIPadd.lnk
[2010/05/05 10:41:50 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RoboSoft 4.lnk
[2010/05/04 13:29:20 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Snagit 9.lnk
[2010/05/02 21:02:08 | 000,000,222 | ---- | M] () -- C:\WINDOWS\EXEHtml.INI
[2010/05/02 20:39:25 | 000,075,776 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/04/29 10:19:14 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\CCleaner.lnk
[2010/04/29 10:07:34 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/28 20:42:43 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Google Chrome.lnk
[2010/04/28 16:10:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\gmer.zip
[2010/04/28 16:07:00 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\dds.scr
[2010/04/28 12:57:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\wzmjhy.dat
[2010/04/28 12:33:34 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\GoodSync.lnk
[2010/04/26 16:23:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 10:32:22 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Micro Niche Finder 5.0.lnk
[2010/04/22 21:33:47 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 15:02:54 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Traffic Mania - PressBot.lnk
[2010/04/22 13:12:06 | 000,058,432 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/22 12:45:57 | 000,070,704 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/21 16:40:09 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Xenu.lnk
[2010/04/21 14:47:03 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\BookmarkingDemon 5.lnk
[2010/04/20 14:17:28 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Web Simulator.lnk
[2010/04/20 14:17:28 | 000,000,391 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Output.lnk
[2010/04/18 15:06:09 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\PADGen.lnk
[2010/04/18 10:47:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\HijackThis.lnk
[2010/04/16 10:04:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/04/15 12:10:44 | 000,001,250 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Rank Decoding Engine Web 2 Sites.lnk
[2010/04/15 10:12:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\me.BLUE\test.db3
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/12 07:24:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/11 16:35:46 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Widgets.lnk
[2010/04/10 15:15:48 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\IS0030.db3
[2010/04/10 04:23:00 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SocialBot.lnk
[2010/04/10 04:15:09 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Traffic Mania - BlogBot.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/07 22:10:35 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/07 17:47:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 17:47:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 17:46:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 17:46:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 17:45:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/07 17:45:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/07 17:45:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/06 21:31:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Market Samurai.lnk
[2010/05/05 13:45:25 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VIPadd.lnk
[2010/05/05 10:41:50 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RoboSoft 4.lnk
[2010/05/04 13:29:20 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Snagit 9.lnk
[2010/05/02 21:02:08 | 000,000,222 | ---- | C] () -- C:\WINDOWS\EXEHtml.INI
[2010/05/02 20:39:25 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/04/29 10:07:34 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/28 20:42:43 | 000,002,306 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Google Chrome.lnk
[2010/04/28 20:08:51 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\CCleaner.lnk
[2010/04/28 16:10:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\gmer.zip
[2010/04/28 16:06:48 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\dds.scr
[2010/04/28 12:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MgemabWTF.bin
[2010/04/28 12:59:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ywelec.dat
[2010/04/28 12:56:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Application Data\wzmjhy.dat
[2010/04/28 12:33:34 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\GoodSync.lnk
[2010/04/26 16:23:36 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat
[2010/04/25 15:55:03 | 007,602,176 | ---- | C] () -- C:\Documents and Settings\me.BLUE\ntuser.dat
[2010/04/24 19:31:32 | 000,346,624 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\AutoPligg 3.exe
[2010/04/23 10:32:22 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Micro Niche Finder 5.0.lnk
[2010/04/21 16:40:09 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Xenu.lnk
[2010/04/20 14:16:40 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Web Simulator.lnk
[2010/04/20 14:16:40 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Output.lnk
[2010/04/18 15:06:09 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\PADGen.lnk
[2010/04/18 10:47:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\HijackThis.lnk
[2010/04/15 12:10:44 | 000,001,250 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Rank Decoding Engine Web 2 Sites.lnk
[2010/04/15 10:15:14 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\me.BLUE\error.txt
[2010/04/15 10:13:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\me.BLUE\license.txt
[2010/04/15 10:12:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\me.BLUE\test.db3
[2010/04/11 16:35:46 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Widgets.lnk
[2010/04/10 15:16:27 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\IS0030.db3
[2010/04/10 04:23:00 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SocialBot.lnk
[2010/04/10 04:15:09 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Traffic Mania - BlogBot.lnk
[2010/04/01 14:26:43 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/03/31 21:40:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\windriver32.ini
[2010/03/30 22:08:27 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/18 09:37:25 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/18 09:37:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/20 12:41:33 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/01/20 11:15:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 11:24:16 | 000,020,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\XPCDriver.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2006/06/27 02:33:52 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2006/02/09 15:29:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL

========== Custom Scans ==========


< %appdata%\*.* >
[2010/01/18 00:28:04 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\desktop.ini
[2010/04/26 16:23:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat
[2010/04/28 12:57:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\wzmjhy.dat

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2006/11/01 14:08:00 | 000,081,920 | ---- | M] () -- C:\Output.exe
[2007/02/28 13:36:42 | 001,215,471 | ---- | M] () -- C:\Web Simulator.exe


< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/18 15:53:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/18 15:53:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 05:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 17:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 17:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 05:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 17:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 17:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 17:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
< End of report >

-------------------------
Extras.txt

OTL Extras logfile created on: 5/8/2010 10:39:33 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 127.42 Gb Free Space | 45.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 59.52 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUE
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-823518204-562591055-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2007 Pro\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2007 Pro\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office 2007 Pro\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office 2007 Pro\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office 2007 Pro\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office 2007 Pro\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\RoboSoft4\RSDBServer.exe" = C:\Program Files\RoboSoft4\RSDBServer.exe:127.0.0.1/255.255.255.255:Enabled:RoboSoft/PADManager database server -- ()
"C:\Program Files\RoboSoft4\RoboSoft.exe" = C:\Program Files\RoboSoft4\RoboSoft.exe:127.0.0.1/255.255.255.255:Enabled:RoboSoft main application -- (Rudenko Software)
"C:\Program Files\RoboSoft4\ASBMWorker.exe" = C:\Program Files\RoboSoft4\ASBMWorker.exe:127.0.0.1/255.255.255.255:Enabled:RoboSoft automatic submission worker -- (Rudenko Software)
"C:\Documents and Settings\me.BLUE\Application Data\Softlakecity\Automatic Article Submitter\ASubmitter.exe" = C:\Documents and Settings\me.BLUE\Application Data\Softlakecity\Automatic Article Submitter\ASubmitter.exe:*:Enabled:Article Submitter 2 -- ()
"C:\Program Files\EASEUS\EASEUS Todo Backup 1.1\bin\Record.exe" = C:\Program Files\EASEUS\EASEUS Todo Backup 1.1\bin\Record.exe:*:Enabled:Bootable Media Builder -- ()
"C:\Program Files\Back Link Analyzer v2.0-cp\BackLinkAnalyser.exe" = C:\Program Files\Back Link Analyzer v2.0-cp\BackLinkAnalyser.exe:*:Enabled:Back Link Analyzer-cp -- ()
"C:\Program Files\ESET\ESET Smart Security\egui.exe" = C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:ESET Smart Security -- (ESET)
"C:\Program Files\ESET\ESET Smart Security\SysInspector.exe" = C:\Program Files\ESET\ESET Smart Security\SysInspector.exe:*:Enabled:ESET SysInspector -- (ESET)
"C:\Program Files\ESET\ESET Smart Security\SysRescue.exe" = C:\Program Files\ESET\ESET Smart Security\SysRescue.exe:*:Enabled:ESET SysRescue -- (ESET)
"C:\Program Files\Chami\HTML-Kit\Bin\HTMLKit.exe" = C:\Program Files\Chami\HTML-Kit\Bin\HTMLKit.exe:*:Enabled:HTML-Kit -- (Chami.com)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla -- (FileZilla Project)
"C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Firefox\firefox.exe" = C:\Program Files\Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\Market Samurai\Market Samurai.exe" = C:\Program Files\Market Samurai\Market Samurai.exe:*:Enabled:Market Samurai -- ()
"C:\Program Files\Micro Niche Finder 5.0\MicroNicheFinder.exe" = C:\Program Files\Micro Niche Finder 5.0\MicroNicheFinder.exe:*:Enabled:Micro Niche Finder 5.0 -- (James J Jones, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}" = Screencaster Plug-in for FF
"{1BB744F5-793A-4F94-A019-4EFD792370B8}" = BlogBot
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3CDC6E37-E182-424D-8609-4F1A6797D128}_is1" = Untapped Niche Explorer 1.0
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90206544-8DAA-416E-8D78-A6A3352BC10B}" = PressBot
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2A81B39-5186-48CA-92C3-5C7978870BF4}" = CommentKahuna
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{BE0CBDD5-7506-476E-983E-388ADAAA6006}" = G-Mapper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7FC5149-BFBD-2E39-67CE-08A37E2E7370}" = DeskTube
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E0A217D1-2F47-4DB4-AA86-7C4EC04ED124}" = VIPadd
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.0.41
"{FCB1FC90-DB82-388D-948B-60806210A61D}" = Market Samurai
"7-Zip" = 7-Zip 4.65
"A Submitter" = NSIS A Submitter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"AIM_7" = AIM 7
"Allscoop RSS Submit Pro 1.0" = Allscoop RSS Submit Pro 1.0
"Article Buzz_is1" = Article Buzz v2.0
"Article Page Machine_is1" = Article Page Machine 1.0
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BackLinkAnalyzer v2.0-cp" = Back Link Analyzer v2.0-cp
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"Chamki_is1" = Chamki
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.dz.DeskTube.DC1B0EDA241604E0F9349CA56BDAFF9C08B50063.1" = DeskTube
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
"eBook Maestro FREE_is1" = eBook Maestro FREE 1.80
"eBook Maestro PRO_is1" = eBook Maestro PRO 1.80
"Fast Directory Submitter_is1" = Fast Directory Submitter 1.54
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Directory Submission Software_is1" = Free Directory Submission Software
"GSiteCrawler" = GSiteCrawler
"HijackThis" = HijackThis 2.0.2
"HKHLPW3C_is1" = HTML-Kit Help Files -- W3C Specifications (version 09-Sep-2001)
"HKPGEN_is1" = Uninstall HTML-Kit Plugins Generator
"HTML2Exe Baler 2" = HTML2Exe Baler 2
"HTMLKit_is1" = HTML-Kit
"IBP11_is1" = IBP 11.6
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Micro Niche Finder 5.0_is1" = Micro Niche Finder 5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NATATA eBook Compiler Free_is1" = NATATA eBook Compiler Free 2.1
"Notepad++" = Notepad++
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0PR
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RoboSoft 4_is1" = RoboSoft 4.0
"RSS Submit v2.60_is1" = RSS Submit v2.60
"Screensaver Factory 5 Enterprise_is1" = Screensaver Factory 5 Enterprise
"SENuke_is1" = SENuke
"SEO_Deploy_0" = SEO Software Submitter Standard Edition 1.0
"SEO_Deploy_1" = SEO Software Submitter Advanced Edition 1.0
"seopowersuite" = LinkAssistant
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speccy" = Speccy
"SubmitEaze" = SubmitEaze
"Traffic Travis_is1" = Traffic Travis 3.2.4
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"uTorrent" = µTorrent
"WebCEO70_is1" = Web CEO 8.1
"WebSiteZip Packer_is1" = 1.3.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9B
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"XMind" = XMind
"XPC Tools" = XPC Tools
"XSitePro2" = XSitePro2
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"Yahoo! Widgets SDK" = Yahoo! Widgets SDK
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"22abf9dde03b3b37" = Seesmic for Windows
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.456
"oDVT" = oDesk Team

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2010 1:16:37 AM | Computer Name = BLUE | Source = Application Error | ID = 1000
Description = Faulting application market samurai.exe, version 0.0.0.0, faulting
module adobe air.dll, version 1.5.3.9130, fault address 0x001166d6.

Error - 3/10/2010 11:47:51 PM | Computer Name = BLUE | Source = Application Error | ID = 1000
Description = Faulting application market samurai.exe, version 0.0.0.0, faulting
module adobe air.dll, version 1.5.3.9130, fault address 0x00112edc.

Error - 3/10/2010 11:48:05 PM | Computer Name = BLUE | Source = Application Error | ID = 1001
Description = Fault bucket 1752666681.

Error - 3/11/2010 7:12:46 PM | Computer Name = BLUE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.1.0.179, faulting module
unknown, version 0.0.0.0, fault address 0x0000000b.

Error - 3/11/2010 7:12:52 PM | Computer Name = BLUE | Source = Application Error | ID = 1001
Description = Fault bucket 1517194999.

Error - 3/12/2010 7:18:57 PM | Computer Name = BLUE | Source = Application Error | ID = 1000
Description = Faulting application market samurai.exe, version 0.0.0.0, faulting
module adobe air.dll, version 1.5.3.9130, fault address 0x001166d6.

Error - 3/12/2010 7:19:07 PM | Computer Name = BLUE | Source = Application Error | ID = 1001
Description = Fault bucket 1755718976.

Error - 3/14/2010 12:35:59 AM | Computer Name = BLUE | Source = MsiInstaller | ID = 10005
Description = Product: Google Sitemap Generator (Beta) -- Please install Internet
Information Service 5.0 or higher.

Error - 3/14/2010 12:36:09 AM | Computer Name = BLUE | Source = MsiInstaller | ID = 10005
Description = Product: Google Sitemap Generator (Beta) -- Please install Internet
Information Service 5.0 or higher.

Error - 3/15/2010 12:13:38 AM | Computer Name = BLUE | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.3.0.148, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/23/2010 7:57:16 PM | Computer Name = BLUE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000038, parameter2 00000002, parameter3
00000001, parameter4 b9bb39d8.

Error - 4/24/2010 4:40:19 PM | Computer Name = BLUE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000038, parameter2 00000002, parameter3
00000001, parameter4 b9b6a9d8.

Error - 4/26/2010 7:28:55 PM | Computer Name = BLUE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/28/2010 4:03:08 PM | Computer Name = BLUE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'pmsxteTy.dll' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 4/28/2010 9:49:38 PM | Computer Name = BLUE | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a0873b8, parameter3
8a08752c, parameter4 805c8c7c.

Error - 4/29/2010 12:28:10 PM | Computer Name = BLUE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000038, parameter2 00000002, parameter3
00000001, parameter4 b9ace9d8.

Error - 5/6/2010 9:50:44 PM | Computer Name = BLUE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/7/2010 3:24:37 PM | Computer Name = BLUE | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 5/7/2010 9:32:51 PM | Computer Name = BLUE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Search 4.0 for Windows XP (KB940157).

Error - 5/8/2010 1:04:03 AM | Computer Name = BLUE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Search 4.0 for Windows XP (KB940157).


< End of report >


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 May 2010 - 08:02 AM

Hello,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O36 - AppCertDlls: conviles - (C:\WINDOWS\system32\gdiemon.dll) - C:\WINDOWS\System32\gdiemon.dll File not found
    [2010/04/26 16:23:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat
    [2010/04/28 12:57:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\wzmjhy.dat
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.

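An added triage example for the kinds of lines in this fix script (my own code, not OTL's and not syler's script): it parses OTL's O36 AppCertDlls entry, its file entries and the IE proxy values from this thread's logs and flags what a responder would check first, namely the AppCertDlls persistence value, the leftover ProxyServer setting and the two small random-named .dat files. The .dat heuristic, the 30-day window and the sample line set are my assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines taken from the OTL fix script above and from the OTL scan log
# posted later in this thread; the sample set itself is constructed.
SAMPLE_LINES = [
    r"O36 - AppCertDlls: conviles - (C:\WINDOWS\system32\gdiemon.dll) - C:\WINDOWS\System32\gdiemon.dll File not found",
    r"[2010/04/26 16:23:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat",
    r"[2010/04/28 12:57:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\wzmjhy.dat",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.68.106.168:51630',
    r"PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe",
]
# Timestamp of the "Run 2" OTL log in this thread, used to compute file age.
SCAN_DATE = datetime(2010, 5, 10, 7, 42, 30)

# OTL file/process line: [mtime | size | attrs | M] (company) -- path, optionally prefixed "PRC - ".
FILE_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O36 line: AppCertDlls value name, registry data, resolved path and an optional status.
APPCERT_RE = re.compile(
    r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<value>[^)]*)\) - (?P<path>.+?)(?P<missing> File not found)?$"
)
PROXY_RE = re.compile(
    r'^IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    r'"(?P<key>Proxy\w+)" = (?P<value>.*)$'
)
# Heuristic (my assumption, not an OTL rule): a six-letter lowercase .dat directly under
# Application Data, the naming pattern of the two files in the fix script.
DROPPER_DAT_RE = re.compile(r"\\Application Data\\[a-z]{6}\.dat$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    item: str       # what was matched
    reason: str     # why it matters to a responder


def triage(lines, scan_date=SCAN_DATE, recent_days=30, max_size=64):
    """Return findings for AppCertDlls entries, proxy settings and small random-named .dat files."""
    findings = []
    proxy = {}
    for line in lines:
        line = line.strip()
        m = APPCERT_RE.match(line)
        if m:
            reason = "AppCertDlls DLLs are loaded into every process created via CreateProcess"
            if m.group("missing"):
                reason += "; the DLL is missing, so the orphaned value should still be removed"
            findings.append(Finding("high", f"AppCertDlls:{m.group('name')} -> {m.group('path')}", reason))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy[m.group("key")] = m.group("value")
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        size = int(m.group("size").replace(",", ""))
        age = scan_date - datetime.strptime(m.group("mtime"), "%Y/%m/%d %H:%M:%S")
        if (not m.group("company") and size <= max_size
                and DROPPER_DAT_RE.search(m.group("path"))
                and timedelta(0) <= age <= timedelta(days=recent_days)):
            findings.append(Finding(
                "medium", m.group("path"),
                f"unsigned {size}-byte .dat with a random-looking name, modified {age.days} days before the scan"))
    # Evaluate the proxy pair only after all lines are seen; the two values sit on separate lines.
    server = proxy.get("ProxyServer")
    if server:
        enabled = proxy.get("ProxyEnable", "0") != "0"
        findings.append(Finding(
            "high" if enabled else "medium", f"ProxyServer={server}",
            "HTTP proxy is active" if enabled
            else "HTTP proxy is configured but disabled; flipping ProxyEnable would route traffic through it"))
    return findings


def triage_sample():
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.severity}] {f.item}: {f.reason}")
```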


#7 warner444

warner444
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California

Posted 10 May 2010 - 09:46 AM

GooredFix by jpshortstuff (08.01.10.1)
Log created at 07:29 on 10/05/2010 (me)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [16:59 01/04/2010]

C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\
adhighlighter@sidthemonkey.com [06:42 30/04/2010]
anttoolbar@ant.com [02:29 08/05/2010]
artur.dubovoy@gmail.com [02:29 08/05/2010]
autofillForms@blueimp.net [02:14 05/05/2010]
fireform@mozilla.org [02:14 05/05/2010]
firefox-extension@shareaholic.com [05:31 30/04/2010]
firefox@ghostery.com [00:27 30/04/2010]
flvmoviesdownloader@rzll [02:29 08/05/2010]
foxyproxy@eric.h.jung [05:31 30/04/2010]
foxyseotool@foxyseotool.com [05:31 30/04/2010]
kgen@elitwork.com [05:31 30/04/2010]
savecomplete@perlprogrammer.com [06:42 30/04/2010]
seo4firefox@seobook.com [22:18 05/05/2010]
seodoctor@prelovac.com [06:43 30/04/2010]
unplug@compunach [02:29 08/05/2010]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [02:31 08/05/2010]
{20a82645-c095-46ed-80e3-08825760534b} [19:45 29/04/2010]
{3f1182ea-3243-4d32-8826-71fb1cc9c328} [17:47 30/04/2010]
{49f3fc85-dcfe-4e42-9301-226ebe658509} [06:08 30/04/2010]
{5287b941-4b3f-4e49-8b61-940865e882b1} [23:54 30/04/2010]
{5546F97E-11A5-46b0-9082-32AD74AAA920} [05:31 30/04/2010]
{5c1a272d-6af9-4229-b821-11703c6b5ccf} [06:43 30/04/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [04:38 04/05/2010]
{8f5ce3f8-1735-4680-b15e-108f2f50e8ba} [05:31 30/04/2010]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [05:31 30/04/2010]
{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} [05:31 30/04/2010]
{d47a9f51-8281-43fa-f450-f28ef8735e9a} [06:08 30/04/2010]
{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} [06:08 30/04/2010]
{D719B74B-E716-403b-91A9-1CE455AB8ccc} [02:14 05/05/2010]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [02:31 08/05/2010]
{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [01:56 03/05/2010]
{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [05:31 30/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:03 19/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:59 01/04/2010]

-=E.O.F=-

-------------------------------
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\conviles:C:\WINDOWS\system32\gdiemon.dll deleted successfully.
C:\Documents and Settings\me.BLUE\Application Data\wzmjhy.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temporary Internet Files folder emptied: 67 bytes

User: me
->Temporary Internet Files folder emptied: 294871 bytes
->Flash cache emptied: 1314 bytes

User: me.BLUE
->Temporary Internet Files folder emptied: 236008086 bytes
->Java cache emptied: 350195 bytes
->Flash cache emptied: 59889 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temporary Internet Files folder emptied: 620249 bytes

User: TEMP
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 4528145 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1124299 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3601732 bytes

Total Files Cleaned = 237.00 mb


[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: me
->Flash cache emptied: 0 bytes

User: me.BLUE
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05102010_073300

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\ZMAG887H\250[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\O48KMSGV\eyengage[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\O48KMSGV\rpc_relay[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\O48KMSGV\rpc_relay[2].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\FBXJ2IFV\25[1].txt not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\FBXJ2IFV\eyengage[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\FBXJ2IFV\iframe[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\FBXJ2IFV\topic313361[2].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\adsCAGBLOXR.txt not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\dg_specificclick_net[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\home[2].txt not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\mail[1].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\mail[2].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\mail[3].htm not found!
File\Folder C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\Content.IE5\DH373LB8\mail[4].htm not found!
C:\Documents and Settings\me.BLUE\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
-----------------------------------------
OTL logfile created on: 5/10/2010 7:42:30 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 117.91 Gb Free Space | 42.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 59.52 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUE
Current User Name: me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/08 10:38:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep\OTL.exe
PRC - [2010/05/07 12:24:34 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/04/28 21:00:58 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/19 01:30:48 | 001,755,648 | ---- | M] () -- C:\Program Files\RoboSoft4\RSDBServer.exe
PRC - [2010/04/18 10:46:58 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/13 17:59:12 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/01/13 17:56:44 | 000,057,409 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/05/08 10:38:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me.BLUE\My Documents\111 aa LOT OF STUPID JUNK\May 7 more virus bleep\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 01:30:48 | 001,755,648 | ---- | M] () [Auto | Running] -- C:\Program Files\RoboSoft4\RSDBServer.exe -- (RSDBServerService)
SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2005/01/13 17:59:12 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/01/13 17:56:44 | 000,057,409 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2010/05/07 12:24:34 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/02 12:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 12:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 12:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/12/02 12:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/05/13 11:56:28 | 000,034,080 | ---- | M] (Glance Networks, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glancedrv.sys -- (glancedrv)
DRV - [2005/02/23 08:47:50 | 000,584,512 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2005/01/13 09:45:46 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/01/13 09:45:44 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/13 09:45:36 | 000,097,920 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.68.106.168:51630

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.3
FF - prefs.js..extensions.enabledItems: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba}:2.0.1
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.3
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:1.9.7
FF - prefs.js..extensions.enabledItems: kgen@elitwork.com:0.7
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:4.1.0.18
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.8
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: seodoctor@prelovac.com:1.0
FF - prefs.js..extensions.enabledItems: {5287b941-4b3f-4e49-8b61-940865e882b1}:1.2.1
FF - prefs.js..extensions.enabledItems: {5c1a272d-6af9-4229-b821-11703c6b5ccf}:2.0
FF - prefs.js..extensions.enabledItems: adhighlighter@sidthemonkey.com:2.3
FF - prefs.js..extensions.enabledItems: savecomplete@perlprogrammer.com:1.0.1
FF - prefs.js..extensions.enabledItems: {3f1182ea-3243-4d32-8826-71fb1cc9c328}:0.9.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {D719B74B-E716-403b-91A9-1CE455AB8ccc}:4.1
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.025
FF - prefs.js..extensions.enabledItems: flvmoviesdownloader@rzll:1.40
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Firefox\components [2010/05/09 19:31:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/05/09 19:30:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/29 07:49:42 | 000,000,000 | ---D | M]

[2010/04/28 12:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Extensions
[2010/05/09 17:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions
[2010/05/07 19:31:52 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/29 12:45:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 10:47:31 | 000,000,000 | ---D | M] (X-Ray) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{3f1182ea-3243-4d32-8826-71fb1cc9c328}
[2010/04/29 23:08:10 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/04/30 16:54:35 | 000,000,000 | ---D | M] (ResultRank) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{5287b941-4b3f-4e49-8b61-940865e882b1}
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/04/29 23:43:01 | 000,000,000 | ---D | M] (Niche Watch Tool) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
[2010/05/03 21:38:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/29 22:31:39 | 000,000,000 | ---D | M] (Amplify) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
[2010/04/29 22:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/29 22:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2010/04/29 23:08:10 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/04/29 23:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/05/04 19:14:33 | 000,000,000 | ---D | M] (Signature) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}
[2010/05/07 19:31:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/02 18:56:08 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] (Diigo Bookmarks and Web Annotations) -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2010/04/29 23:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\adhighlighter@sidthemonkey.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\anttoolbar@ant.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\artur.dubovoy@gmail.com
[2010/05/04 19:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\autofillForms@blueimp.net
[2010/05/04 19:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\fireform@mozilla.org
[2010/04/29 17:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox@ghostery.com
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox-extension@shareaholic.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\flvmoviesdownloader@rzll
[2010/04/29 22:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\foxyproxy@eric.h.jung
[2010/04/29 22:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\foxyseotool@foxyseotool.com
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\kgen@elitwork.com
[2010/04/29 23:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\savecomplete@perlprogrammer.com
[2010/05/05 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\seo4firefox@seobook.com
[2010/04/29 23:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\seodoctor@prelovac.com
[2010/05/07 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\unplug@compunach
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/04/29 22:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\extensions\firefox-extension@shareaholic.com\defaults
[2010/01/11 16:22:54 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\qpajqkpo.default\searchplugins\diigo--google.xml
[2010/04/28 12:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/22 15:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDimdimControl.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2007 Pro\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SEOLinkVine] C:\Program Files\SEOLinkVine\SEO LinkVine Ranker.exe (Bryxen Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2007 Pro\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1263849381765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1273281641656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/08 21:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/03 20:51:23 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 07:33:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/10 07:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Desktop\GooredFix Backups
[2010/05/10 01:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Evernote
[2010/05/10 01:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2010/05/09 19:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/09 15:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\innerhub site
[2010/05/08 21:21:44 | 000,052,296 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCMON20.SYS
[2010/05/07 22:19:07 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/05/07 22:19:06 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/05/07 22:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\ApplicationHistory
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/05/07 22:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/05/07 19:04:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/07 18:32:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/05/07 18:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/05/07 17:47:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 17:46:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 17:45:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/07 17:45:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/07 17:45:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/07 17:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 17:43:34 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/07 17:41:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/06 21:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/05/06 16:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Screensaver Factory 5 Enterprise
[2010/05/06 16:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Blumentals
[2010/05/06 15:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Pass
[2010/05/05 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Valeri Vlassov
[2010/05/05 13:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Software Informer
[2010/05/05 13:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/05/05 10:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\RoboSoft
[2010/05/05 10:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\RoboSoft4
[2010/05/05 10:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboSoft
[2010/05/05 09:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\UInterface
[2010/05/05 09:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Chamki
[2010/05/05 09:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\PAD
[2010/05/04 21:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Free Directory Submission Software
[2010/05/04 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Snagit
[2010/05/04 13:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010/05/04 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/04 13:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\TechSmith
[2010/05/04 12:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\GRAPHICS
[2010/05/03 22:37:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 22:37:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/03 22:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/03 22:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/03 18:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\eBook Maestro PRO
[2010/05/02 20:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\HTML2Exe Baler 2
[2010/05/02 20:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\EBook Maestro
[2010/05/02 20:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\eBook Maestro FREE
[2010/05/02 20:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\NATATA eBook Compiler Free
[2010/05/02 13:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\WebSiteZip Packer 1.3
[2010/05/01 10:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\SEOLinkVine
[2010/04/29 12:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\SEO LINK VINE
[2010/04/29 10:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/04/29 10:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Yahoo!
[2010/04/29 10:18:36 | 000,000,000 | ---D | C] -- C:\FIX
[2010/04/29 10:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/04/29 10:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\SUPERAntiSpyware.com
[2010/04/29 10:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/29 10:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/28 20:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/28 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Eraser 6
[2010/04/28 16:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Desktop\gmer
[2010/04/28 12:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox
[2010/04/27 17:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Plan B
[2010/04/25 11:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\bleep Islam
[2010/04/24 14:49:47 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eufs.sys
[2010/04/24 14:49:40 | 000,014,216 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2010/04/24 14:49:39 | 000,026,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2010/04/24 14:49:37 | 000,122,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuDisk.sys
[2010/04/24 14:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/04/23 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Niche Finder 5.0
[2010/04/22 11:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Video Class
[2010/04/20 14:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\My SpringWidgets
[2010/04/18 22:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Article Buzz
[2010/04/18 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\PADGen
[2010/04/18 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\PADGen
[2010/04/18 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\PADGen
[2010/04/18 11:02:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/18 10:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/17 21:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/04/17 21:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/04/17 13:30:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/17 13:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Help
[2010/04/17 13:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Help
[2010/04/17 10:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\Malwarebytes
[2010/04/17 10:15:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 10:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/04/17 10:15:24 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 10:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 17:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\FireShot
[2010/04/13 14:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Howie
[2010/04/13 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\My Documents\Adobe Business Catalyst
[2010/04/11 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Application Data\NoteTab Light
[2010/04/11 16:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\NoteTab Light
[2010/04/11 16:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Yahoo
[2010/04/11 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2008/03/03 17:56:35 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2008/03/03 17:56:35 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll

========== Files - Modified Within 30 Days ==========

[2010/05/10 07:42:19 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Shortcut to OTL.exe.lnk
[2010/05/10 07:38:28 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\me.BLUE\ntuser.dat
[2010/05/10 07:36:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 07:36:36 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/10 07:36:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 07:36:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 07:35:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\me.BLUE\ntuser.ini
[2010/05/10 07:33:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003UA.job
[2010/05/10 07:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/10 01:04:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/09 19:28:33 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\QuickTime Player.lnk
[2010/05/09 12:01:31 | 420,705,718 | ---- | M] () -- C:\WINDOWS\Procmon.pmb
[2010/05/09 11:33:04 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003Core.job
[2010/05/08 21:21:44 | 000,052,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCMON20.SYS
[2010/05/08 11:22:48 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Micro Niche Finder 5.0.lnk
[2010/05/07 22:16:25 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/07 22:16:25 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/07 22:16:25 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/07 22:12:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsinsWTF.BAK
[2010/05/07 18:04:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/07 17:47:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/07 13:33:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ywelec.dat
[2010/05/07 10:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MgemabWTF.bin
[2010/05/06 21:31:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Market Samurai.lnk
[2010/05/06 15:33:26 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/05 13:45:25 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VIPadd.lnk
[2010/05/05 10:41:50 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RoboSoft 4.lnk
[2010/05/04 13:29:20 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Snagit 9.lnk
[2010/05/02 21:02:08 | 000,000,222 | ---- | M] () -- C:\WINDOWS\EXEHtml.INI
[2010/05/02 20:39:25 | 000,075,776 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/04/29 10:19:14 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\CCleaner.lnk
[2010/04/29 10:07:34 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/28 20:42:43 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Google Chrome.lnk
[2010/04/28 16:10:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\gmer.zip
[2010/04/28 16:07:00 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\dds.scr
[2010/04/28 12:33:34 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\GoodSync.lnk
[2010/04/26 16:23:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/22 21:33:47 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 15:02:54 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Traffic Mania - PressBot.lnk
[2010/04/22 13:12:06 | 000,058,432 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/22 12:45:57 | 000,070,704 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/21 16:40:09 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Xenu.lnk
[2010/04/21 14:47:03 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\BookmarkingDemon 5.lnk
[2010/04/20 14:17:28 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Web Simulator.lnk
[2010/04/20 14:17:28 | 000,000,391 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Output.lnk
[2010/04/18 15:06:09 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\PADGen.lnk
[2010/04/18 10:47:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\HijackThis.lnk
[2010/04/16 10:04:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/04/15 12:10:44 | 000,001,250 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\Rank Decoding Engine Web 2 Sites.lnk
[2010/04/15 10:12:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\me.BLUE\test.db3
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/11 16:35:46 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Widgets.lnk
[2010/04/10 15:15:48 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\me.BLUE\Desktop\IS0030.db3

========== Files Created - No Company Name ==========

[2010/05/10 07:42:19 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Shortcut to OTL.exe.lnk
[2010/05/09 19:28:33 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\QuickTime Player.lnk
[2010/05/09 12:01:31 | 420,705,718 | ---- | C] () -- C:\WINDOWS\Procmon.pmb
[2010/05/07 22:10:35 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/07 17:47:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 17:47:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 17:46:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 17:46:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 17:45:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/07 17:45:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/07 17:45:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/06 21:31:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Market Samurai.lnk
[2010/05/05 13:45:25 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VIPadd.lnk
[2010/05/05 10:41:50 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RoboSoft 4.lnk
[2010/05/04 13:29:20 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Snagit 9.lnk
[2010/05/02 21:02:08 | 000,000,222 | ---- | C] () -- C:\WINDOWS\EXEHtml.INI
[2010/05/02 20:39:25 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/04/29 10:07:34 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/28 20:42:43 | 000,002,306 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Google Chrome.lnk
[2010/04/28 20:08:51 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\CCleaner.lnk
[2010/04/28 16:10:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\gmer.zip
[2010/04/28 16:06:48 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\dds.scr
[2010/04/28 12:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MgemabWTF.bin
[2010/04/28 12:59:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ywelec.dat
[2010/04/28 12:33:34 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\GoodSync.lnk
[2010/04/26 16:23:36 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Application Data\kcmdte.dat
[2010/04/25 15:55:03 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\me.BLUE\ntuser.dat
[2010/04/24 19:31:32 | 000,346,624 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\AutoPligg 3.exe
[2010/04/23 10:32:22 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Micro Niche Finder 5.0.lnk
[2010/04/21 16:40:09 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Xenu.lnk
[2010/04/20 14:16:40 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Web Simulator.lnk
[2010/04/20 14:16:40 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Output.lnk
[2010/04/18 15:06:09 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\PADGen.lnk
[2010/04/18 10:47:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\HijackThis.lnk
[2010/04/15 12:10:44 | 000,001,250 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\Rank Decoding Engine Web 2 Sites.lnk
[2010/04/15 10:15:14 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\me.BLUE\error.txt
[2010/04/15 10:13:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\me.BLUE\license.txt
[2010/04/15 10:12:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\me.BLUE\test.db3
[2010/04/11 16:35:46 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Widgets.lnk
[2010/04/10 15:16:27 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\me.BLUE\Desktop\IS0030.db3
[2010/04/01 14:26:43 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/03/31 21:40:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\windriver32.ini
[2010/03/30 22:08:27 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/18 09:37:25 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/18 09:37:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/20 12:41:33 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/01/20 11:15:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 11:24:16 | 000,020,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\XPCDriver.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2006/06/27 02:33:52 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2006/02/09 15:29:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
< End of report >


#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 May 2010 - 02:06 PM

Are you still getting detections from NOD32 or having any other problems?


#9 warner444
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California

Posted 10 May 2010 - 02:24 PM

I haven't run Firefox yet today, but it has been crashing multiple times, and when I tried Google Chrome yesterday the Flash and RoboForm scripts crashed constantly. I will try them both now. NOD has no alerts and I am running a full scan right now. I will post the results later.

Do you see any problems from the scan reports I posted earlier today?

#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 May 2010 - 02:38 PM

I haven't seen much wrong in your logs; they look OK to me. If you are still having problems with Firefox, I would think that it could be one of your add-ons. You could try disabling them one by one to try and determine which one is causing the problems.

Can you run this online scan?

Please run a BitDefender Online Scan

Note: Only works with Internet Explorer.
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click Start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on More details, then click the Detected problems tab and click Click here to export the scan report.
  • Save the report to your desktop as results.txt and post it in your next reply.


#11 warner444
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California

Posted 13 May 2010 - 05:39 AM

Hi

I had the BitDefender scan nearly done and the computer just shut down. It takes like 20 hours. Do you know if it saved a record anywhere?

It was finding and deleting generic trojans. A full ESET scan just before showed nothing.

I'll re-run BitDefender, but it will take a while.

#12 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 May 2010 - 01:53 PM

Hello,

If the computer just shut down, then it won't have had a chance to save anything.


#13 warner444
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California

Posted 14 May 2010 - 05:27 PM

Hi


I attached the BitDefender results as HTML because saving as text and then posting looks unreadable. I posted it below from a copy of the HTML page.

There were some other files deleted in the first, incomplete run which are not shown.

How can I get to the stuff in the restore folders?

When BitDefender was processing the last files it kicked off ESET 5 times; ESET made this report:

5/14/2010 2:11:05 PM Real-time file system protection file C:\DOCUME~1\ME7642~1.BLU\LOCALS~1\Temp\tmp000024d0\tmp01ab09a1 probably a variant of Win32/Adware.Softomate.AA application cleaned by deleting - quarantined BLUE\me Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.

5/14/2010 2:11:01 PM Real-time file system protection file C:\DOCUME~1\ME7642~1.BLU\LOCALS~1\Temp\tmp000024d0\tmp01ab0999 probably a variant of Win32/Adware.Softomate.AA application cleaned by deleting - quarantined BLUE\me Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.

5/14/2010 2:10:16 PM Real-time file system protection file C:\DOCUME~1\ME7642~1.BLU\LOCALS~1\Temp\tmp000024d0\tmp01ab02e6 probably a variant of Win32/Agent trojan cleaned by deleting - quarantined BLUE\me Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.

5/14/2010 2:05:09 PM Real-time file system protection file E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0181073.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined BLUE\me Event occurred during an attempt to access the file by the application: C:\Program Files\Internet Explorer\iexplore.exe.

5/14/2010 2:04:13 PM Real-time file system protection file E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0180947.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined BLUE\me Event occurred during an attempt to access the file by the application: C:\Program Files\Internet Explorer\iexplore.exe.


BitDefender Online Scanner

Scan report generated at: Fri, May 14, 2010 - 14:22:22
Scan path: C:\;D:\;E:\;

Statistics
  • Time: 15:27:14
  • Files: 5073878
  • Folders: 62703
  • Boot Sectors: 0
  • Archives: 29065
  • Packed Files: 443905

Results
  • Identified Viruses: 8
  • Infected Files: 18
  • Suspect Files: 0
  • Warnings: 0
  • Disinfected: 0
  • Deleted Files: 18

Engines Info
  • Virus Definitions: 5886913
  • Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)
  • Scan plugins: 17
  • Archive plugins: 43
  • Unpack plugins: 10
  • E-mail plugins: 6
  • System plugins: 4

Scan Settings
  • First Action: Disinfect
  • Second Action: Delete
  • Heuristics: Yes
  • Enable Warnings: Yes
  • Scanned Extensions: *;
  • Exclude Extensions:
  • Scan Emails: Yes
  • Scan Archives: Yes
  • Scan Packed: Yes
  • Scan Files: Yes
  • Scan Boot: Yes

Scanned File | Status
C:\RECYCLER\S-1-5-21-823518204-562591055-682003330-1003\Dc2\XSitePro2.v2.065-patch.rar=>XSitePro2.v2.065-patch.exe | Infected with: Backdoor.Generic.131861
C:\RECYCLER\S-1-5-21-823518204-562591055-682003330-1003\Dc2\XSitePro2.v2.065-patch.rar=>XSitePro2.v2.065-patch.exe | Deleted
C:\RECYCLER\S-1-5-21-823518204-562591055-682003330-1003\Dc2\XSitePro2.v2.065-patch.rar | Update failed
C:\RECYCLER\S-1-5-21-823518204-562591055-682003330-1003\Dc3.rar=>XSitePro2.v2.065-patch.exe | Infected with: Backdoor.Generic.131861
C:\RECYCLER\S-1-5-21-823518204-562591055-682003330-1003\Dc3.rar=>XSitePro2.v2.065-patch.exe | Deleted
C:\RECYCLER\S-1-5-21-823518204-562591055-682003330-1003\Dc3.rar | Update failed
E:\$1%@@@--F bACKUP jAN 2010\RSS Submit v2.60 regged [TUC2020][H33T]\RSS Submit v2.60 regged [TUC2020][H33T].rar=>RSS.Submit.v2.60-patch.exe | Infected with: Trojan.Generic.3260352
E:\$1%@@@--F bACKUP jAN 2010\RSS Submit v2.60 regged [TUC2020][H33T]\RSS Submit v2.60 regged [TUC2020][H33T].rar=>RSS.Submit.v2.60-patch.exe | Deleted
E:\$1%@@@--F bACKUP jAN 2010\RSS Submit v2.60 regged [TUC2020][H33T]\RSS Submit v2.60 regged [TUC2020][H33T].rar | Update failed
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership\ArticleMembershipRights.zip=>index.html | Infected with: Trojan.Script.235528
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership\ArticleMembershipRights.zip=>index.html | Deleted
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership\ArticleMembershipRights.zip | Updated
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership\index.html | Infected with: Trojan.Script.235528
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership\index.html | Deleted
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip=>ArticleMembershipRights.zip=>index.html | Infected with: Trojan.Script.235528
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip=>ArticleMembershipRights.zip=>index.html | Deleted
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip=>ArticleMembershipRights.zip | Updated
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip | Updated
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip=>index.html | Infected with: Trojan.Script.235528
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip=>index.html | Deleted
E:\backup stuff jan 08 blue\ADSENCE BIZ\DeskTopBucks\SCGMv1-Article-Membership.zip | Updated
E:\backup stuff jan 08 blue\Downloads\Adobe CS3 Cracks and Keygens\Fireworks CS3\FireWorks CS3 Keygen + Activation.exe | Infected with: Trojan.Generic.3066048
E:\backup stuff jan 08 blue\Downloads\Adobe CS3 Cracks and Keygens\Fireworks CS3\FireWorks CS3 Keygen + Activation.exe | Deleted
E:\backup stuff jan 08 blue\Downloads\Seo Elite 4\seo.elite.4.0.r20-patch.exe | Infected with: Trojan.Generic.1795948
E:\backup stuff jan 08 blue\Downloads\Seo Elite 4\seo.elite.4.0.r20-patch.exe | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP628\A0158173.exe | Infected with: Trojan.Generic.3066048
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP628\A0158173.exe | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0180596.exe | Infected with: Trojan.Generic.1795948
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0180596.exe | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0180810.exe | Infected with: Trojan.Generic.3260352
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0180810.exe | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182088.exe=>(CAB Sfx o)=>dzinst.exe | Infected with: Trojan.Generic.2236057
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182088.exe=>(CAB Sfx o)=>dzinst.exe | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182088.exe=>(CAB Sfx o) | Update failed
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182184.exe=>(NSIS o)=>lzma_solid_nsis0012 | Detected with: Adware.Generic.111639
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182184.exe=>(NSIS o)=>lzma_solid_nsis0012 | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182184.exe=>(NSIS o) | Update failed
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182184.exe=>(NSIS o)=>lzma_solid_nsis0014 | Detected with: Adware.Generic.84935
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182184.exe=>(NSIS o)=>lzma_solid_nsis0014 | Deleted
E:\System Volume Information\_restore{7ADBB2C6-E688-4711-9C99-97784041BD15}\RP633\A0182184.exe=>(NSIS o) | Update failed
E:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP138\A0058511.exe | Infected with: Trojan.Generic.3260352
E:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP138\A0058511.exe | Deleted
E:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP139\A0059592.exe | Infected with: Trojan.Generic.3066048
E:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP139\A0059592.exe | Deleted
E:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP139\A0059593.exe | Infected with: Trojan.Generic.1795948
E:\System Volume Information\_restore{CABB304E-69D2-49DB-8A68-EDE09C3FD9FA}\RP139\A0059593.exe | Deleted

#14 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 16 May 2010 - 01:12 PM

QUOTE
How can I get to the stuff in the restore folders?


We can deal with these once I confirm you are clean. Can you tell me how your computer has been running? The BitDefender log shows that you have been downloading cracked software, so please take note of the following information.


IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

QUOTE
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

QUOTE
...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.



Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop.
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning.
  • At the main control page, please click the green button.
  • It will now begin to scan; please be patient. The scan should not take more than 3 minutes.
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter$\Rooter_1.txt
  • Now push the button to close Rooter.
  • Please post the contents of that log file here in your next reply.


Please post back with the Rooter log and a new DDS log.

Thanks


#15 warner444
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Southern California

Posted 17 May 2010 - 04:55 PM

Hi

I tried to run Rooter.exe 4 times and it keeps crashing, even after a reboot. Any tips to get it to run?

The computer seems to be running well. Today, though, I had this happen:

5/17/2010 2:17:11 PM Real-time file system protection file C:\Documents and Settings\me.BLUE\Local Settings\Application Data\Mozilla\Firefox\Profiles\Cache\8432A57Bd01 HTML/ScrInject.B.Gen virus deleted - quarantined BLUE\me Event occurred on a new file created by the application: C:\Program Files\Firefox\firefox.exe.

3 times so far. I had several tabs open, so I am not sure which site sent it.

Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 14:50:10.15 on Mon 05/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1583 [GMT -7:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\RoboSoft4\RSDBServer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\me.BLUE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.68.106.168:51630
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi6a65~1\office14\GROOVEEX.DLL
BHO: Diigo Toolbar Helper: {84053da7-03de-4fb6-80ae-202c04691d8a} - c:\program files\diigo\DiigoToolbar.4.0.2.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi6a65~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Diigo Toolbar: {09197ffb-c236-4153-b268-31051e4f3b6c} - c:\program files\diigo\DiigoToolbar.4.0.2.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Diigo Sidebar: {69523951-583f-418c-bde7-18efc9fd54b4} - c:\program files\diigo\DiigoToolbar.4.0.2.dll
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi6a65~1\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - /105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2007 pro\office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2007 pro\office14\ONBttnIELinkedNotes.dll
IE: {B952F2E0-5F9F-4898-89A8-4FB770625E09} - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - c:\program files\diigo\DiigoToolbar.4.0.2.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273281641656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi6a65~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me7642~1.blu\applic~1\mozilla\firefox\profiles\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\me.blue\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mi6a65~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-4-24 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-4-24 20616]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 68168]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 RSDBServerService;RoboSoft Database Server;c:\program files\robosoft4\RSDBServer.exe [2010-5-5 1755648]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2008-3-3 584512]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-4-24 122504]
S3 esihdrv;esihdrv;\??\c:\docume~1\me7642~1.blu\locals~1\temp\esihdrv.sys --> c:\docume~1\me7642~1.blu\locals~1\temp\esihdrv.sys [?]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-4-24 14216]
S3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2010-2-15 34080]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office 2007 pro\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-05-17 17:36:55 0 d-----w- c:\program files\Skybound Stylizer 4
2010-05-14 18:15:28 0 d-----w- c:\program files\Market Samurai
2010-05-10 22:37:20 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-10 22:37:17 0 d-----w- c:\windows\system32\QuickTime
2010-05-10 22:36:38 0 d-----w- c:\program files\common files\TechSmith Shared
2010-05-10 18:58:46 72080 ----a-w- c:\documents and settings\me.blue\g2mdlhlpx.exe
2010-05-10 16:34:58 0 d-----w- c:\program files\Diigo
2010-05-10 14:33:00 0 d-----w- C:\_OTL
2010-05-10 08:03:20 0 d-----w- c:\program files\Evernote
2010-05-09 19:01:31 9010640312 ----a-w- c:\windows\Procmon.pmb
2010-05-09 04:21:44 52296 ------w- c:\windows\system32\drivers\PROCMON20.SYS
2010-05-08 05:19:07 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-08 05:19:06 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-08 01:31:50 0 d-----w- c:\windows\system32\URTTEMP
2010-05-08 00:47:40 0 d-sha-r- C:\cmdcons
2010-05-08 00:46:04 77312 ----a-w- c:\windows\MBR.exe
2010-05-08 00:46:00 256512 ----a-w- c:\windows\PEV.exe
2010-05-08 00:45:59 161792 ----a-w- c:\windows\SWREG.exe
2010-05-08 00:45:58 98816 ----a-w- c:\windows\sed.exe
2010-05-08 00:43:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 23:31:40 0 d-----w- c:\program files\Screensaver Factory 5 Enterprise
2010-05-06 23:31:40 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\Blumentals
2010-05-05 20:45:23 0 d-----w- c:\program files\Valeri Vlassov
2010-05-05 20:40:22 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\Software Informer
2010-05-05 20:40:18 0 d-----w- c:\program files\Software Informer
2010-05-05 17:41:39 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\RoboSoft
2010-05-05 17:41:38 0 d-----w- c:\program files\RoboSoft4
2010-05-05 17:41:38 0 d-----w- c:\docume~1\alluse~1.win\applic~1\RoboSoft
2010-05-05 16:58:20 0 d-----w- c:\program files\Chamki
2010-05-05 04:30:35 0 d-----w- c:\program files\Free Directory Submission Software
2010-05-04 05:37:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 01:21:41 0 d-----w- c:\program files\eBook Maestro PRO
2010-05-03 04:02:08 222 ----a-w- c:\windows\EXEHtml.INI
2010-05-03 03:39:25 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-05-03 03:39:25 0 d-----w- c:\program files\HTML2Exe Baler 2
2010-05-03 03:34:28 0 d-----w- c:\program files\eBook Maestro FREE
2010-05-03 03:32:02 0 d-----w- c:\program files\NATATA eBook Compiler Free
2010-05-02 20:33:08 0 d-----w- c:\program files\WebSiteZip Packer 1.3
2010-05-01 17:08:08 0 d-----w- c:\program files\SEOLinkVine
2010-04-29 17:18:36 0 d-----w- C:\FIX
2010-04-29 17:07:39 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-04-29 17:07:27 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-29 17:07:27 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\SUPERAntiSpyware.com
2010-04-29 17:07:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-29 03:08:41 0 d-----w- c:\program files\CCleaner
2010-04-28 19:59:04 0 ----a-w- c:\windows\MgemabWTF.bin
2010-04-28 19:59:03 120 ----a-w- c:\windows\Ywelec.dat
2010-04-28 19:18:35 0 d-----w- c:\program files\Firefox
2010-04-27 00:29:04 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-26 23:23:36 20 ----a-w- c:\docume~1\me7642~1.blu\applic~1\kcmdte.dat
2010-04-24 21:49:47 20616 ----a-w- c:\windows\system32\drivers\eufs.sys
2010-04-24 21:49:40 14216 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2010-04-24 21:49:39 26248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2010-04-24 21:49:37 122504 ----a-w- c:\windows\system32\drivers\EuDisk.sys
2010-04-24 21:48:51 0 d-----w- c:\program files\EASEUS
2010-04-23 17:32:13 0 d-----w- c:\program files\Micro Niche Finder 5.0
2010-04-19 05:01:30 0 d-----w- c:\program files\Article Buzz
2010-04-18 22:06:12 0 d-----w- c:\docume~1\me7642~1.blu\applic~1\PADGen
2010-04-18 22:06:01 0 d-----w- c:\program files\PADGen
2010-04-18 17:46:58 0 d-----w- c:\program files\Trend Micro
2010-04-18 04:27:51 0 d-----w- c:\program files\Speccy
2010-04-18 04:26:11 0 d-----w- c:\program files\Defraggler

==================== Find3M ====================

2010-04-22 20:12:06 58432 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-22 18:44:48 942940 ----a-w- c:\windows\fonts\DVEasyPrompterSans.ttf
2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 03:33:50 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-03-25 03:33:50 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-03-25 03:33:46 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-03-25 03:31:06 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-25 03:23:52 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 12:31:17 910479 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:18:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\inde



